On 2019-11-30 16:00, André Rodier wrote: > Package: nscd > Version: 2.28-10 > > When using AppArmor and ldap for users database, and nscd on Debian, a > lot of errors are visible in the AppArmor logs, when any program > queries nscd. > > The nscd daemon tries to open files in "var/cache/nscd/..." instead of > "/var/cache/nscd/...". Note the missing slash character at the > beginning. AppArmor complains about the file access denied, but the > error is really a missing '/' character in the path of the cache files.
What makes you believe that? I have just tried with strace, and I see the correct path with the leading '/': openat(AT_FDCWD, "/var/cache/nscd/passwd", O_RDWR|O_CLOEXEC) = 4 openat(AT_FDCWD, "/var/cache/nscd/passwd", O_RDONLY|O_CLOEXEC) = 5 openat(AT_FDCWD, "/var/cache/nscd/group", O_RDWR|O_CLOEXEC) = 6 openat(AT_FDCWD, "/var/cache/nscd/group", O_RDONLY|O_CLOEXEC) = 7 openat(AT_FDCWD, "/var/cache/nscd/hosts", O_RDWR|O_CLOEXEC) = 8 openat(AT_FDCWD, "/var/cache/nscd/hosts", O_RDONLY|O_CLOEXEC) = 9 openat(AT_FDCWD, "/var/cache/nscd/services", O_RDWR|O_CLOEXEC) = 10 openat(AT_FDCWD, "/var/cache/nscd/services", O_RDONLY|O_CLOEXEC) = 11 openat(AT_FDCWD, "/var/cache/nscd/netgroup", O_RDWR|O_CLOEXEC) = 12 openat(AT_FDCWD, "/var/cache/nscd/netgroup", O_RDONLY|O_CLOEXEC) = 13 Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net